This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Application Virtualization | CVE-2021-26890 | Application Virtualization Remote Code Execution Vulnerability |
| Azure | CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability |
| Azure Sphere | CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability |
| Azure Sphere | CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability |
| Internet Explorer | CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability |
| Microsoft ActiveX | CVE-2021-26869 | Windows ActiveX Installer Service Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-21167 | Chromium CVE-2021-21167: Use after free in bookmarks |
| Microsoft Edge (Chromium-based) | CVE-2021-21177 | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-21178 | Chromium CVE-2021-21178: Inappropriate implementation in Compositing |
| Microsoft Edge (Chromium-based) | CVE-2021-21176 | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode |
| Microsoft Edge (Chromium-based) | CVE-2021-21174 | Chromium CVE-2021-21174: Inappropriate implementation in Referrer |
| Microsoft Edge (Chromium-based) | CVE-2021-21166 | Chromium CVE-2021-21166: Object lifecycle issue in audio |
| Microsoft Edge (Chromium-based) | CVE-2021-21175 | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation |
| Microsoft Edge (Chromium-based) | CVE-2021-21181 | Chromium CVE-2021-21181: Side-channel information leakage in autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-21183 | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs |
| Microsoft Edge (Chromium-based) | CVE-2021-21182 | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations |
| Microsoft Edge (Chromium-based) | CVE-2021-21185 | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions |
| Microsoft Edge (Chromium-based) | CVE-2021-21186 | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning |
| Microsoft Edge (Chromium-based) | CVE-2021-21179 | Chromium CVE-2021-21179: Use after free in Network Internals |
| Microsoft Edge (Chromium-based) | CVE-2021-21180 | Chromium CVE-2021-21180: Use after free in tab search |
| Microsoft Edge (Chromium-based) | CVE-2021-21161 | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip |
| Microsoft Edge (Chromium-based) | CVE-2021-21160 | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio |
| Microsoft Edge (Chromium-based) | CVE-2021-21159 | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip |
| Microsoft Edge (Chromium-based) | CVE-2021-21162 | Chromium CVE-2021-21162: Use after free in WebRTC |
| Microsoft Edge (Chromium-based) | CVE-2021-21165 | Chromium CVE-2021-21165: Object lifecycle issue in audio |
| Microsoft Edge (Chromium-based) | CVE-2021-21164 | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS |
| Microsoft Edge (Chromium-based) | CVE-2021-21163 | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode |
| Microsoft Edge (Chromium-based) | CVE-2021-21171 | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation |
| Microsoft Edge (Chromium-based) | CVE-2021-21172 | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API |
| Microsoft Edge (Chromium-based) | CVE-2021-21173 | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals |
| Microsoft Edge (Chromium-based) | CVE-2021-21170 | Chromium CVE-2021-21170: Incorrect security UI in Loader |
| Microsoft Edge (Chromium-based) | CVE-2020-27844 | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG |
| Microsoft Edge (Chromium-based) | CVE-2021-21168 | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache |
| Microsoft Edge (Chromium-based) | CVE-2021-21169 | Chromium CVE-2021-21169: Out of bounds memory access in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-21191 | Chromium CVE-2021-21191: Use after free in WebRTC |
| Microsoft Edge (Chromium-based) | CVE-2021-21184 | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs |
| Microsoft Edge (Chromium-based) | CVE-2021-21190 | Chromium CVE-2021-21190: Uninitialized Use in PDFium |
| Microsoft Edge (Chromium-based) | CVE-2021-21189 | Chromium CVE-2021-21189: Insufficient policy enforcement in payments |
| Microsoft Edge (Chromium-based) | CVE-2021-21188 | Chromium CVE-2021-21188: Use after free in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-21192 | Chromium CVE-2021-21192: Heap buffer overflow in tab groups |
| Microsoft Edge (Chromium-based) | CVE-2021-21187 | Chromium CVE-2021-21187: Insufficient data validation in URL formatting |
| Microsoft Edge (Chromium-based) | CVE-2021-21193 | Chromium CVE-2021-21193: Use after free in Blink |
| Microsoft Exchange Server | CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-26854 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-26868 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-26875 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-26863 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-26876 | OpenType Font Parsing Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-26861 | Windows Graphics Component Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-24108 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office PowerPoint | CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-24104 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| Microsoft Office Visio | CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-26884 | Windows Media Photo Codec Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-26902 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-24110 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-24089 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Power BI | CVE-2021-26859 | Microsoft Power BI Information Disclosure Vulnerability |
| Role: DNS Server | CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability |
| Role: DNS Server | CVE-2021-26894 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-26895 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-26893 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-26877 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-26896 | Windows DNS Server Denial of Service Vulnerability |
| Role: DNS Server | CVE-2021-26897 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: Hyper-V | CVE-2021-26879 | Windows NAT Denial of Service Vulnerability |
| Role: Hyper-V | CVE-2021-26867 | Windows Hyper-V Remote Code Execution Vulnerability |
| Visual Studio | CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code - Python extension | CVE-2020-17163 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| Windows Admin Center | CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability |
| Windows Container Execution Agent | CVE-2021-26865 | Windows Container Execution Agent Elevation of Privilege Vulnerability |
| Windows Container Execution Agent | CVE-2021-26891 | Windows Container Execution Agent Elevation of Privilege Vulnerability |
| Windows DirectX | CVE-2021-24095 | DirectX Elevation of Privilege Vulnerability |
| Windows Error Reporting | CVE-2021-24090 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-26898 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-26872 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-24107 | Windows Event Tracing Information Disclosure Vulnerability |
| Windows Event Tracing | CVE-2021-26901 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Extensible Firmware Interface | CVE-2021-26892 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability |
| Windows Folder Redirection | CVE-2021-26887 | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-26862 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Media | CVE-2021-26881 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Windows Overlay Filter | CVE-2021-26874 | Windows Overlay Filter Elevation of Privilege Vulnerability |
| Windows Overlay Filter | CVE-2021-26860 | Windows App-V Overlay Filter Elevation of Privilege Vulnerability |
| Windows Print Spooler Components | CVE-2021-26878 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Print Spooler Components | CVE-2021-1640 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-26870 | Windows Projected File System Elevation of Privilege Vulnerability |
| Windows Registry | CVE-2021-26864 | Windows Virtual Registry Provider Elevation of Privilege Vulnerability |
| Windows Remote Access API | CVE-2021-26882 | Remote Access API Elevation of Privilege Vulnerability |
| Windows Storage Spaces Controller | CVE-2021-26880 | Storage Spaces Controller Elevation of Privilege Vulnerability |
| Windows Update Assistant | CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2021-26889 | Windows Update Stack Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2021-1729 | Windows Update Stack Setup Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2021-26866 | Windows Update Service Elevation of Privilege Vulnerability |
| Windows UPnP Device Host | CVE-2021-26899 | Windows UPnP Device Host Elevation of Privilege Vulnerability |
| Windows User Profile Service | CVE-2021-26886 | User Profile Service Denial of Service Vulnerability |
| Windows User Profile Service | CVE-2021-26873 | Windows User Profile Service Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-26885 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-26871 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2021-26900 | Windows Win32k Elevation of Privilege Vulnerability |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-1640 MITRE NVD | CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.8/6.8<br>FAQ: What privileges would an attacker gain? An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-1640

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup); 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup); 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup); 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup); 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup); 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup); 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup); 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup); 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup); 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup); 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup); 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup); 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup); 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup); 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |


| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-1640 | Blaz Satler and Ziga Sumenjak of 0patch; JeongOh Kyea (@kkokkokye) of THEORI working with Trend Micro Zero Day Initiative |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-1729 MITRE NVD | CVE Title: Windows Update Stack Setup Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.1/6.2<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-1729

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |


| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-1729 | Abdelhamid Naceri (halov) working with Trend Micro Zero Day Initiative |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-24095 MITRE NVD | CVE Title: DirectX Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.0/6.1<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-24095

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-24095 | liuxiaoliang and pjf |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-24108 MITRE NVD | CVE Title: Microsoft Office Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. What kind of user interaction is required? A user needs to be tricked into downloading and running malicious files. Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-24108 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4504703 (Security Update) | Important | Remote Code Execution | 4486698 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4504703 (Security Update) | Important | Remote Code Execution | 4486698 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4493228 (Security Update) | Important | Remote Code Execution | 4484469 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4493228 (Security Update) | Important | Remote Code Execution | 4484469 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4493228 (Security Update) | Important | Remote Code Execution | 4484469 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (32-bit edition) | 4493225 (Security Update) | Important | Remote Code Execution | 4484466 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4493225 (Security Update) | Important | Remote Code Execution | 4484466 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| CVE ID | Acknowledgements |
| CVE-2021-24108 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26411 MITRE NVD | CVE Title: Internet Explorer Memory Corruption Vulnerability CVSS: CVSS:3.0 8.8/7.9 FAQ: How could an attacker exploit the vulnerability? An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Yes | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26411 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 5000807 (Security Update) | Critical | Remote Code Execution | 4601331 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 5000807 (Security Update) | Critical | Remote Code Execution | 4601331 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Critical | Remote Code Execution | 4601318 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Critical | Remote Code Execution | 4601318 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 5000800 (IE Cumulative) 5000841 (Monthly Rollup) | Critical | Remote Code Execution | 4601313 4601347 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 5000800 (IE Cumulative) 5000841 (Monthly Rollup) | Critical | Remote Code Execution | 4601313 4601347 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 5000800 (IE Cumulative) 5000848 (Monthly Rollup) | Critical | Remote Code Execution | 4601313 4601384 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 5000800 (IE Cumulative) 5000848 (Monthly Rollup) | Critical | Remote Code Execution | 4601313 4601384 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows RT 8.1 | 5000848 (Monthly Rollup) | Critical | Remote Code Execution | 4601384 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000800 (IE Cumulative) 5000841 (Monthly Rollup) | Critical | Remote Code Execution | 4601313 4601347 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 | 5000800 (IE Cumulative) 5000847 (Monthly Rollup) | Critical | Remote Code Execution | 4601313 4601348 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 5000800 (IE Cumulative) 5000848 (Monthly Rollup) | Critical | Remote Code Execution | 4601313 4601384 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2016 | 5000803 (Security Update) | Critical | Remote Code Execution | 4601318 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000800 (IE Cumulative) | Critical | Remote Code Execution | 4601360 4601313 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000800 (IE Cumulative) | Critical | Remote Code Execution | 4601360 4601313 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | 5000807 (Security Update) | Critical | Remote Code Execution | 4601331 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | 5000807 (Security Update) | Critical | Remote Code Execution | 4601331 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Critical | Remote Code Execution | 4601318 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Critical | Remote Code Execution | 4601318 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 5000803 (Security Update) | Critical | Remote Code Execution | 4601318 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26411 | yangkang(@dnpushme) & huangyi(@C0rk1_H) Enki |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27060 MITRE NVD | CVE Title: Visual Studio Code Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27060 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27060 | RyotaK (@ryotkak) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27070 MITRE NVD | CVE Title: Windows 10 Update Assistant Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.3/6.4 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27070 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-27070 | Abdelhamid Naceri (halov) working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27074 MITRE NVD |
CVE Title: Azure Sphere Unsigned Code Execution Vulnerability
CVSS: CVSS:3.0 6.2/5.6
FAQ: What version of Azure Sphere has the update that protects from this vulnerability? All versions of Azure Sphere that are 21.02 and higher are protected from this vulnerability. How do I ensure my Azure Sphere device has the update? If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.02 has been installed using the Azure Sphere CLI command:
If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:
Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability? An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27074 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Azure Sphere | | Critical | Remote Code Execution | None | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-27074 | Lilith [^_^], Claudio Bozzato of Cisco Talos |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27075 MITRE NVD |
CVE Title: Azure Virtual Machine Information Disclosure Vulnerability
CVSS: CVSS:3.0 6.8/6.1
FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow a low privileged user to gain virtual machine credentials as well as credentials to extensions associated with the virtual machine. What are some of the services affected by this vulnerability? The following table lists some of the affected services, and the changes associated with the remedy for this vulnerability:
Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27075 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Azure Container Instance | | Important | Information Disclosure | None | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Unknown |
| Azure Kubernetes Service | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Azure Service Fabric | | Important | Information Disclosure | None | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Unknown |
| Azure Spring Cloud | | Important | Information Disclosure | None | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-27075 | Paul Litvak of Intezer wtm at Offensi |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27077 MITRE NVD | CVE Title: Windows Win32k Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/7.0 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | Yes | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27077

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27077 | Marcin Wiazowski working with Trend Micro Zero Day Initiative |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27080 MITRE NVD | CVE Title: Azure Sphere Unsigned Code Execution Vulnerability CVSS: CVSS:3.0 9.3/9.3 FAQ: What version of Azure Sphere has the update that protects from this vulnerability? All versions of Azure Sphere that are 21.02 and higher are protected from this vulnerability. How do I ensure my Azure Sphere device has the update? If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.02 has been installed using the Azure Sphere CLI command: If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command: Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability? An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27080

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Azure Sphere | | Critical | Remote Code Execution | None | Base: 9.3 Temporal: 9.3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27080 | Lilith >_> and Claudio Bozzato of Cisco Talos. |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27081 MITRE NVD | CVE Title: Visual Studio Code ESLint Extension Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27081

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Visual Studio Code ESLint extension | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27081 | David Dworken |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27082 MITRE NVD | CVE Title: Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. 1.1 2021-03-12T08:00:00Z Added exploitability assessment. This is an informational change only. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27082

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Quantum Development Kit for Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27082 | David Dworken |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27083 MITRE NVD | CVE Title: Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27083

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Visual Studio Code Remote - Containers Extension | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27083 | David Dworken |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2020-17163 MITRE NVD | CVE Title: Visual Studio Code Python Extension Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-16T07:00:00Z Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2020-17163

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Python extension for Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2020-17163 | David Dworken |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-24089 MITRE NVD | CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell: Mitigations: None Workarounds: None Revision: 1.1 2021-04-06T07:00:00Z Updated FAQ information. This is an informational change only. 1.0 2021-03-09T08:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-24089

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| HEVC Video Extensions | | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-24089 | Dhanesh Kizhakkinan of FireEye Inc.; Le Huu Quang Linh (@linhlhq) from Vietnam National Cyber Security Center (NCSC Vietnam) |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-24090 MITRE NVD | CVE Title: Windows Error Reporting Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-24090

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-24090 | Gal De Leon (@galdeleon) of Palo Alto Networks |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-24104 MITRE NVD | CVE Title: Microsoft SharePoint Spoofing Vulnerability CVSS: CVSS:3.0 4.6/4.2 FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Spoofing |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-24104

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | 4493232 (Security Update) 4493199 (Security Update) | Important | Spoofing | 4493195 4493167 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:P/RL:W/RC:C | Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4493238 (Security Update) 4493177 (Security Update) | Important | Spoofing | 4493210 4486696 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:P/RL:W/RC:C | Maybe |
| Microsoft SharePoint Server 2019 | 4493230 (Security Update) 4493231 (Security Update) | Important | Spoofing | 4493194 4493161 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:P/RL:W/RC:C | Maybe |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-24104 | Cameron Vincent |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-24107 MITRE NVD | CVE Title: Windows Event Tracing Information Disclosure Vulnerability CVSS: CVSS:3.0 5.5/4.8 FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-24107

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Information Disclosure | 4601331 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Information Disclosure | 4601331 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Information Disclosure | 4601347 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Information Disclosure | 4601347 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Information Disclosure | 4601360 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Information Disclosure | 4601360 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Information Disclosure | 4601360 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Information Disclosure | 4601360 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Information Disclosure | 4601347 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Information Disclosure | 4601347 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Important | Information Disclosure | 4601348 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Important | Information Disclosure | 4601348 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Information Disclosure | 4601384 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Information Disclosure | 4601384 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Information Disclosure | 4601318 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Information Disclosure | 4601318 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Information Disclosure | 4601345 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Information Disclosure | 4601345 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Information Disclosure | 4601315 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Information Disclosure | 4601319 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Information Disclosure | 4601319 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-24107 | Yarden Shafir @yarden_shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-24110 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision:
1.1 2021-04-06T07:00:00Z Updated FAQ information. This is an informational change only.
1.0 2021-03-09T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-24110 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-24110 | Dhanesh Kizhakkinan of FireEye Inc |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26412 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.1/8.2
FAQ: None
Mitigations: None
Workarounds: None
Revision:
1.0 2021-03-02T08:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26412 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5000871 (Security Update) | Critical | Remote Code Execution | 4593466 |
Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 18 | 5000871 (Security Update) | Critical | Remote Code Execution | 4593466 |
Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5000871 (Security Update) | Critical | Remote Code Execution | 4593466 |
Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 7 | 5000871 (Security Update) | Critical | Remote Code Execution | 4593466 |
Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5000871 (Security Update) | Critical | Remote Code Execution | 4593466 |
Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-26412 | Steven Seeley (mr_me) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26854 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 6.6/5.8
FAQ: None
Mitigations: None
Workarounds: None
Revision:
1.0 2021-03-02T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26854 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 18 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 7 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-26854 | Steven Seeley (mr_me) of Source Incite |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26855 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.1/8.4
FAQ:
Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server.
What is the target for this attack? The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.
Where can I get more information about how to protect myself from the vulnerabilities? Please see On-Premises Exchange Server Vulnerabilities Resource Center – updated March 25, 2021.
If I install the Security Updates for the older Cumulative Updates, am I fully protected from vulnerabilities for all published CVEs? No, you will be protected from the vulnerabilities documented by CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858. You will not be protected from some previous CVEs as shown in the table below.
Microsoft Exchange Server 2019
Microsoft Exchange Server 2016
Please see Exchange Server build numbers and release dates for more information on Exchange Server Cumulative Updates release dates.
Mitigations:
Workarounds: None
Revision:
3.0 2021-03-10T08:00:00Z Microsoft is releasing security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU 3; and Exchange Server 2016 CU 17, CU 13, CU12; and Exchange Server 2013 CU 22, CU 21. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
4.0 2021-03-11T08:00:00Z Microsoft is releasing the final set of security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019, CU1 and CU2; and Exchange Server 2016 CU 8, CU 9, CU10, and CU11. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
5.0 2021-03-16T07:00:00Z Microsoft is releasing a security update for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for Microsoft Exchange Server 2013 Service Pack 1. This update addresses only those CVEs. Customers who want to be protected from these vulnerabilities can apply this update if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
1.0 2021-03-02T08:00:00Z Information published.
1.1 2021-03-02T08:00:00Z Updated one or more CVSS scores for the affected products.
2.0 2021-03-08T08:00:00Z Microsoft is releasing security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU 6, CU 5, and CU 4 and Exchange Server 2016 CU 16, CU 15, and CU14. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26855 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 21 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2013 Cumulative Update 22 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 10 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 11 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 12 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 13 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 14 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 15 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 16 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 17 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 18 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 8 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 9 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 2 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 3 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 4 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 5 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 6 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 7 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 |
Base: 9.1 Temporal: 8.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-26855 | Microsoft Threat Intelligence Center (MSTIC) Orange Tsai from DEVCORE research team Volexity |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26857 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ:
Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server.
What is the target for this attack? The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.
Where can I get more information about how to protect myself from the vulnerabilities? Please see On-Premises Exchange Server Vulnerabilities Resource Center – updated March 25, 2021.
If I install the Security Updates for the older Cumulative Updates, am I fully protected from vulnerabilities for all published CVEs? No, you will be protected from the vulnerabilities documented by CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858. You will not be protected from some previous CVEs as shown in the table below.
Microsoft Exchange Server 2019
Microsoft Exchange Server 2016
Please see Exchange Server build numbers and release dates for more information on Exchange Server Cumulative Updates release dates.
Mitigations:
Workarounds: None
Revision:
3.0 2021-03-10T08:00:00Z Microsoft is releasing security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU 3; and Exchange Server 2016 CU 17, CU 13, CU12; and Exchange Server 2013 CU 22, CU 21. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
4.0 2021-03-11T08:00:00Z Microsoft is releasing the final set of security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019, CU1 and CU2; and Exchange Server 2016 CU 8, CU 9, CU10, and CU11. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
5.0 2021-03-16T07:00:00Z Microsoft is releasing a security update for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for Microsoft Exchange Server 2013 Service Pack 1. This update addresses only those CVEs. Customers who want to be protected from these vulnerabilities can apply this update if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
1.0 2021-03-02T08:00:00Z Information published.
1.1 2021-03-02T08:00:00Z Updated one or more CVSS scores for the affected products.
2.0 2021-03-08T08:00:00Z Microsoft is releasing security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU 6, CU 5, and CU 4 and Exchange Server 2016 CU 16, CU 15, and CU14. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26857 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2010 Service Pack 3 | 5000978 (Security Update) | Critical | Remote Code Execution | 4593467 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2013 Cumulative Update 21 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2013 Cumulative Update 22 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2013 Service Pack 1 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 10 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 11 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 12 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 13 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 14 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 15 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 16 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 17 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 18 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 8 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 9 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 2 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 3 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 4 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 5 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 6 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 7 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5000871 (Security Update) | Critical | Remote Code Execution | 4602269 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-26857 | Microsoft Threat Intelligence Center (MSTIC) Dubex |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26858 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ:
Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server.
What is the target for this attack? The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.
Where can I get more information about how to protect myself from the vulnerabilities? Please see On-Premises Exchange Server Vulnerabilities Resource Center – updated March 25, 2021.
If I install the Security Updates for the older Cumulative Updates, am I fully protected from vulnerabilities for all published CVEs? No, you will be protected from the vulnerabilities documented by CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858. You will not be protected from some previous CVEs as shown in the table below.
Microsoft Exchange Server 2019
Microsoft Exchange Server 2016
Please see Exchange Server build numbers and release dates for more information on Exchange Server Cumulative Updates release dates.
Mitigations:
Workarounds: None
Revision:
3.0    2021-03-10T08:00:00Z     Microsoft is releasing security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU 3; and Exchange Server 2016 CU 17, CU 13, CU12; and Exchange Server 2013 CU 22, CU 21. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
4.0    2021-03-11T08:00:00Z     Microsoft is releasing the final set of security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019, CU1 and CU2; and Exchange Server 2016 CU 8, CU 9, CU10, and CU11. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if their Exchange Server is not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
5.0    2021-03-16T07:00:00Z     Microsoft is releasing a security update for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for Microsoft Exchange Server 2013 Service Pack 1. This update addresses only those CVEs. Customers who want to be protected from these vulnerabilities can apply this update if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
1.0    2021-03-02T08:00:00Z     Information published.
1.1    2021-03-02T08:00:00Z     Updated one or more CVSS scores for the affected products.
2.0    2021-03-08T08:00:00Z     Microsoft is releasing security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU 6, CU 5, and CU 4 and Exchange Server 2016 CU 16, CU 15, and CU14. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26858 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 21 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2013 Cumulative Update 22 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 10 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 11 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 12 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 13 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 14 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 15 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 16 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 17 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 18 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 8 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 9 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 2 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 3 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 4 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 5 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 6 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 7 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5000871 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26858 | Microsoft Threat Intelligence Center (MSTIC) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26859 MITRE NVD |
CVE Title: Microsoft Power BI Information Disclosure Vulnerability
CVSS: CVSS:3.0 7.7/6.7
FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of NTLM hashes.
Mitigations: None
Workarounds: None
Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26859 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Power BI Report Server version 15.0.1103.234 | 5001284 (Security Update) | Important | Information Disclosure | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| Power BI Report Server version 15.0.1104.300 | 5001285 (Security Update) | Important | Information Disclosure | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-26859 | Maxime ESCOURBIAC of Michelin CERT |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26860 MITRE NVD |
CVE Title: Windows App-V Overlay Filter Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26860 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26860 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26861 MITRE NVD |
CVE Title: Windows Graphics Component Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26861 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Remote Code Execution | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Remote Code Execution | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Remote Code Execution | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26861 | Zhihua Yao, lm0963, and CSZQ of DBAPPSecurity Zion Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26862 MITRE NVD | CVE Title: Windows Installer Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.0/6.1 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26862 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26862 | Abdelhamid Naceri (halov) working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26863 MITRE NVD | CVE Title: Windows Win32k Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.0/6.1 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26863 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26863 | Mateusz Jurczyk of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26864 MITRE NVD | CVE Title: Windows Virtual Registry Provider Elevation of Privilege Vulnerability CVSS: CVSS:3.0 8.4/7.3 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26864 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26864 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26865 MITRE NVD | CVE Title: Windows Container Execution Agent Elevation of Privilege Vulnerability CVSS: CVSS:3.0 8.8/7.7 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26865 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26865 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26866 MITRE NVD | CVE Title: Windows Update Service Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.1/6.2 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26866 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26866 | Abdelhamid Naceri (halov) working with Trend Micro Zero Day Initiative |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26867 MITRE NVD | CVE Title: Windows Hyper-V Remote Code Execution Vulnerability CVSS: CVSS:3.0 9.9/8.6 FAQ: Which Hyper-V systems are vulnerable? Any Hyper-V client which is configured to use the Plan 9 file system could be vulnerable. An authenticated attacker who successfully exploited this vulnerability on a Hyper-V client could cause code to execute on the Hyper-V server. Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26867

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26867 | @rezer0dai |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26868 MITRE NVD | CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26868

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26868 | liuxiaoliang and pjf |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26869 MITRE NVD | CVE Title: Windows ActiveX Installer Service Information Disclosure Vulnerability CVSS: CVSS:3.0 5.5/4.8 FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26869

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Information Disclosure | 4601331 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Information Disclosure | 4601331 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Information Disclosure | 4601347 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Information Disclosure | 4601347 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Information Disclosure | 4601347 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Information Disclosure | 4601347 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Information Disclosure | 4601348 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Information Disclosure | 4601348 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26869 | Xuefeng Li (@lxf02942370) and Zhiniang Peng (@edwardzpeng) of Sangfor |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26870 MITRE NVD | CVE Title: Windows Projected File System Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26870

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26870 | Xuefeng Li (@lxf02942370) and Zhiniang Peng (@edwardzpeng) of Sangfor |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26871 MITRE NVD | CVE Title: Windows WalletService Elevation of Privilege Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-03-09T08:00:00Z, Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26871

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26871 | Xuefeng Li (@lxf02942370) and Zhiniang Peng (@edwardzpeng) of Sangfor |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26872 MITRE NVD | CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-03-09T08:00:00Z, Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26872

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26872 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26873 MITRE NVD | CVE Title: Windows User Profile Service Elevation of Privilege Vulnerability; CVSS: CVSS:3.0 7.0/6.1; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-03-09T08:00:00Z, Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26873

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26873 | Abdelhamid Naceri (halov) working with Trend Micro Zero Day Initiative |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26874 MITRE NVD | CVE Title: Windows Overlay Filter Elevation of Privilege Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-03-09T08:00:00Z, Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26874

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26874 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26875 MITRE NVD |
CVE Title: Windows Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26875

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26875 | Mark Rogers of PowerMapper Software |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26876 MITRE NVD | CVE Title: OpenType Font Parsing Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-03-09T08:00:00Z, Information published. | Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26876

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Critical | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26876 | Arlie Davis - Windows / Azure Safe Systems Programming Languages Team Keqi Hu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26877 MITRE NVD | CVE Title: Windows DNS Server Remote Code Execution Vulnerability; CVSS: CVSS:3.0 9.8/8.5; FAQ: Can this vulnerability be mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation. Does this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory? This vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month’s security update patch. If my server is not configured to be a DNS server, is it vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server.; Mitigations: Workarounds: None; Revision: 1.0, 2021-03-09T08:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26877

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26877 | Microsoft Platform Security & Vulnerability Research |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26878 MITRE NVD | CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-03-09T08:00:00Z, Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26878

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26878 | This vulnerability was discovered by Bryan de Houwer and Thibault van Geluwe de Berlaere. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26879 MITRE NVD | CVE Title: Windows NAT Denial of Service Vulnerability<br>CVSS: CVSS:3.0 7.5/6.5<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26879
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Denial of Service | 4601331 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Denial of Service | 4601354 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Denial of Service | 4601315 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Denial of Service | 4601315 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26879 | Huichen Lin and Dong Seong Kim of School of Information Technology and Electrical Engineering - The University of Queensland |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26880 MITRE NVD | CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.8/6.8<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26880
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26880 | nghiadt12 (@nghiadt1098) from Viettel Cyber Security; anonymous; JeongOh Kyea (@kkokkokye) of THEORI |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26881 MITRE NVD | CVE Title: Microsoft Windows Media Foundation Remote Code Execution Vulnerability<br>CVSS: CVSS:3.0 7.5/6.5<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26881
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Remote Code Execution | 4601331 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Remote Code Execution | 4601331 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Remote Code Execution | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26881 | HAO LI of VenusTech ADLab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26882 MITRE NVD | CVE Title: Remote Access API Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.8/6.8<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26882
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26882 | Jianyang Song (https://twitter.com/SecBoxer) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26884 MITRE NVD | CVE Title: Windows Media Photo Codec Information Disclosure Vulnerability<br>CVSS: CVSS:3.0 5.5/4.8<br>FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26884

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Information Disclosure | 4601331 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Information Disclosure | 4601331 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Information Disclosure | 4601354 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Information Disclosure | 4601348 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Information Disclosure | 4601348 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Information Disclosure | 4601384 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Information Disclosure | 4601318 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Information Disclosure | 4601345 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Information Disclosure | 4601315 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Information Disclosure | 4601319 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26884 | Worawit Wangwarunyoo of Datafarm |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26885 MITRE NVD | CVE Title: Windows WalletService Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26885

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26885 | Xuefeng Li (@lxf02942370) of Sangfor & Zhiniang Peng (@edwardzpeng) of Sangfor |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26886 MITRE NVD | CVE Title: User Profile Service Denial of Service Vulnerability CVSS: CVSS:3.0 6.1/5.3 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Denial of Service |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26886

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Denial of Service | 4601331 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Denial of Service | 4601331 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Denial of Service | 4601354 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Denial of Service | 4601354 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Denial of Service | 4601354 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Denial of Service | 4601315 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Denial of Service | 4601315 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Denial of Service | 4601315 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Denial of Service | 4601384 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Denial of Service | 4601348 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Denial of Service | 4601348 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Denial of Service | 4601315 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26886 | Abdelhamid Naceri working with Trend Micro Zero Day Initiative |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26887 MITRE NVD | CVE Title: Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: There are no Downloads listed in the Security Updates table. How do I protect my system from this vulnerability? This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See Deploy Folder Redirection with Offline Files for instructions for configuring your system. Mitigations: None Workarounds: None Revision: 1.1 2021-03-15T07:00:00Z The instructions in the article, https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj649078(v%3dws.11), have been updated since this CVE was released on March 9, 2021. Microsoft recommends that customers revisit the article to ensure their systems are properly configured to be protected against this vulnerability. This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26887

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 for x64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1607 for 32-bit Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1607 for x64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1803 for 32-bit Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1803 for ARM64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1803 for x64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1809 for 32-bit Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1809 for ARM64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1809 for x64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1909 for 32-bit Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1909 for ARM64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 1909 for x64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 2004 for 32-bit Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 2004 for ARM64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 2004 for x64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 20H2 for 32-bit Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 20H2 for ARM64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 10 Version 20H2 for x64-based Systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 7 for 32-bit Systems Service Pack 1 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 7 for x64-based Systems Service Pack 1 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 8.1 for 32-bit systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows 8.1 for x64-based systems | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows RT 8.1 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2008 for x64-based Systems Service Pack 2 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2012 R2 (Server Core installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2016 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2016 (Server Core installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2019 | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server 2019 (Server Core installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server, version 1909 (Server Core installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server, version 2004 (Server Core installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| Windows Server, version 20H2 (Server Core Installation) | | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-26887 | somaro |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26889 MITRE NVD | CVE Title: Windows Update Stack Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26889 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26889 | Abdelhamid Naceri (halov) working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26890 MITRE NVD | CVE Title: Application Virtualization Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26890 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26890 | Will Dormann CERT/CC |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26891 MITRE NVD | CVE Title: Windows Container Execution Agent Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26891 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26891 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26892 MITRE NVD | CVE Title: Windows Extensible Firmware Interface Security Feature Bypass Vulnerability CVSS: CVSS:3.0 6.2/5.6 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26892 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Security Feature Bypass | 4601318 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Security Feature Bypass | 4601318 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Security Feature Bypass | 4601354 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Security Feature Bypass | 4601354 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Security Feature Bypass | 4601354 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Security Feature Bypass | 4601345 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Security Feature Bypass | 4601345 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Security Feature Bypass | 4601345 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Security Feature Bypass | 4601315 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Security Feature Bypass | 4601315 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Security Feature Bypass | 4601315 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Security Feature Bypass | 4601319 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Security Feature Bypass | 4601319 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Security Feature Bypass | 4601319 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Security Feature Bypass | 4601319 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Security Feature Bypass | 4601319 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Security Feature Bypass | 4601319 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Security Feature Bypass | 4601318 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Security Feature Bypass | 4601318 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Security Feature Bypass | 4601345 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Security Feature Bypass | 4601345 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Security Feature Bypass | 4601315 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Security Feature Bypass | 4601319 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Security Feature Bypass | 4601319 | Base: 6.2 Temporal: 5.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26892 | Abdelhamid Naceri (halov) working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26893 MITRE NVD | CVE Title: Windows DNS Server Remote Code Execution Vulnerability CVSS: CVSS:3.0 9.8/8.5 FAQ: Can this vulnerability be mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation. Does this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory? This vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month’s security update patch. If my server is not configured to be a DNS server, is it vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26893 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26893 | Nicolas Joly of Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26894 MITRE NVD | CVE Title: Windows DNS Server Remote Code Execution Vulnerability CVSS: CVSS:3.0 9.8/8.5 FAQ: Can this vulnerability be mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation. Does this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory? This vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month’s security update patch. If my server is not configured to be a DNS server, is it vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: Workarounds: None Revision: 1.0 2021-03-09T08:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26894 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Remote Code Execution | 4601360 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Remote Code Execution | 4601347 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Remote Code Execution | 4601348 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Remote Code Execution | 4601384 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26894 | Nicolas Joly of Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26895 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.8/8.5
FAQ: Can this vulnerability be mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation. Does this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory? This vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month’s security update patch. If my server is not configured to be a DNS server, is it vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26895 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Remote Code Execution | 4601360 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Remote Code Execution | 4601360 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Remote Code Execution | 4601360 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Remote Code Execution | 4601360 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Remote Code Execution | 4601347 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Remote Code Execution | 4601347 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Important | Remote Code Execution | 4601348 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Important | Remote Code Execution | 4601348 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Remote Code Execution | 4601384 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Remote Code Execution | 4601384 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Remote Code Execution | 4601318 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26895 | Nicolas Joly of Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26896 MITRE NVD |
CVE Title: Windows DNS Server Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: Can this vulnerability be mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation. Does this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory? This vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month’s security update patch. If my server is not configured to be a DNS server, is it vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26896 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Denial of Service | 4601360 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Denial of Service | 4601360 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Denial of Service | 4601360 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Denial of Service | 4601360 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Denial of Service | 4601347 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Denial of Service | 4601347 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Important | Denial of Service | 4601348 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Important | Denial of Service | 4601348 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Denial of Service | 4601384 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Denial of Service | 4601384 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Denial of Service | 4601318 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Denial of Service | 4601318 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Denial of Service | 4601345 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Denial of Service | 4601345 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Denial of Service | 4601315 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Denial of Service | 4601319 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Denial of Service | 4601319 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26896 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26897 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.8/8.5
FAQ: Can this vulnerability be mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation. Does this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory? This vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month’s security update patch. If my server is not configured to be a DNS server, is it vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26897 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Critical | Remote Code Execution | 4601360 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Critical | Remote Code Execution | 4601360 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Critical | Remote Code Execution | 4601360 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Critical | Remote Code Execution | 4601360 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Critical | Remote Code Execution | 4601347 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Critical | Remote Code Execution | 4601347 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Critical | Remote Code Execution | 4601348 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Critical | Remote Code Execution | 4601348 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Critical | Remote Code Execution | 4601384 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Critical | Remote Code Execution | 4601384 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5000803 (Security Update) | Critical | Remote Code Execution | 4601318 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Critical | Remote Code Execution | 4601318 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Critical | Remote Code Execution | 4601345 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Critical | Remote Code Execution | 4601315 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Critical | Remote Code Execution | 4601319 |
Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26897 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26898 MITRE NVD |
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26898 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Elevation of Privilege | 4601347 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Elevation of Privilege | 4601347 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Elevation of Privilege | 4601384 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Elevation of Privilege | 4601384 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Elevation of Privilege | 4601360 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Elevation of Privilege | 4601360 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Elevation of Privilege | 4601360 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) |
Important | Elevation of Privilege | 4601360 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Elevation of Privilege | 4601347 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) |
Important | Elevation of Privilege | 4601347 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Important | Elevation of Privilege | 4601348 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) |
Important | Elevation of Privilege | 4601348 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Elevation of Privilege | 4601384 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) |
Important | Elevation of Privilege | 4601384 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26898 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26899 MITRE NVD |
CVE Title: Windows UPnP Device Host Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26899 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26899 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26900 MITRE NVD |
CVE Title: Windows Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-09T08:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26900 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26900 | JeongOh Kyea (@kkokkokye) of THEORI working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26901 MITRE NVD |
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-09T08:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26901 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5000807 (Security Update) | Important | Elevation of Privilege | 4601331 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Elevation of Privilege | 4601354 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5000848 (Monthly Rollup) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Elevation of Privilege | 4601360 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Elevation of Privilege | 4601347 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Elevation of Privilege | 4601348 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Elevation of Privilege | 4601384 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Elevation of Privilege | 4601318 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Elevation of Privilege | 4601345 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Elevation of Privilege | 4601315 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Elevation of Privilege | 4601319 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26901 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-26902 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision: 1.1 2021-04-06T07:00:00Z Updated FAQ information. This is an informational change only. 1.0 2021-03-09T08:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26902 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-26902 | Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27047 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision: 1.1 2021-04-06T07:00:00Z Updated FAQ information. This is an informational change only. 1.0 2021-03-09T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27047 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-27047 | Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27048 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision: 1.1 2021-04-06T07:00:00Z Updated FAQ information. This is an informational change only. 1.0 2021-03-09T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27048 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-27048 | Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27049 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision: 1.1 2021-04-06T07:00:00Z Updated FAQ information. This is an informational change only. 1.0 2021-03-09T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27049 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-27049 | Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27050 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.1    2021-04-06T07:00:00Z     Updated FAQ information. This is an informational change only. 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27050 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-27050 | Le Huu Quang Linh (@linhlhq) from Vietnam National Cyber Security Center (NCSC Vietnam) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27051 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.1    2021-04-06T07:00:00Z     Updated FAQ information. This is an informational change only. 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27051 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-27051 | Dhanesh Kizhakkinan of FireEye Inc. Le Huu Quang Linh (@linhlhq) from Vietnam National Cyber Security Center (NCSC Vietnam) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27052 MITRE NVD |
CVE Title: Microsoft SharePoint Server Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.3/4.8
FAQ: What kind of information can be disclosed? An attacker can gain access to an organization's email, sites, filename, URL of file... Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27052 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 4493232 (Security Update) | Important | Information Disclosure | 4493195 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 4493230 (Security Update) | Important | Information Disclosure | 4493194 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27052 | Huynh Thong |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27053 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Are the updates for the Microsoft Office 2019 for Mac currently available? The security update for Microsoft Office 2019 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27053 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4504707 (Security Update) | Important | Remote Code Execution | 4493222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4504707 (Security Update) | Important | Remote Code Execution | 4493222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4493233 (Security Update) | Important | Remote Code Execution | 4493196 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4493233 (Security Update) | Important | Remote Code Execution | 4493196 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office Online Server | 4493229 (Security Update) | Important | Remote Code Execution | 4493192 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 4493234 (Security Update) | Important | Remote Code Execution | 4493204 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27053 | kdot working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27054 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Are the updates for the Microsoft Office 2019 for Mac currently available? The security update for Microsoft Office 2019 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 2.0    2021-03-16T07:00:00Z     Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the Release Notes for more information and download links. 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27054 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4504707 (Security Update) | Important | Remote Code Execution | 4493222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4504707 (Security Update) | Important | Remote Code Execution | 4493222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4493233 (Security Update) | Important | Remote Code Execution | 4493196 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4493233 (Security Update) | Important | Remote Code Execution | 4493196 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4493214 (Security Update) | Important | Remote Code Execution | 4493181 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4493214 (Security Update) | Important | Remote Code Execution | 4493181 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4493203 (Security Update) | Important | Remote Code Execution | 4486759 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4493203 (Security Update) | Important | Remote Code Execution | 4486759 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4493203 (Security Update) | Important | Remote Code Execution | 4486759 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4493200 (Security Update) | Important | Remote Code Execution | 4493168 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4493200 (Security Update) | Important | Remote Code Execution | 4493168 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office Online Server | 4493229 (Security Update) | Important | Remote Code Execution | 4493192 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 4493234 (Security Update) | Important | Remote Code Execution | 4493204 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27054 | kdot working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27055 MITRE NVD |
CVE Title: Microsoft Visio Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. What is the attack vector for this vulnerability? Initially, an Administrator would need to set a Group Policy in a specific way. Then, an attacker would need to modify a macro-enabled template that ships with Excel. Then the attacker needs to convince a target to run that malicious file on a system affected by that Policy. Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27055 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Visio 2010 Service Pack 2 (32-bit editions) | 4484376 (Security Update) | Important | Security Feature Bypass | 4462225 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visio 2010 Service Pack 2 (64-bit editions) | 4484376 (Security Update) | Important | Security Feature Bypass | 4462225 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visio 2013 Service Pack 1 (32-bit editions) | 4486673 (Security Update) | Important | Security Feature Bypass | 4464544 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visio 2013 Service Pack 1 (64-bit editions) | 4486673 (Security Update) | Important | Security Feature Bypass | 4464544 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visio 2016 (32-bit edition) | 4493151 (Security Update) | Important | Security Feature Bypass | 4484244 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visio 2016 (64-bit edition) | 4493151 (Security Update) | Important | Security Feature Bypass | 4484244 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27055 | Luke Papandrea, Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27056 MITRE NVD |
CVE Title: Microsoft PowerPoint Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27056 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) | 4504702 (Security Update) | Important | Remote Code Execution | 4484372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) | 4504702 (Security Update) | Important | Remote Code Execution | 4484372 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft PowerPoint 2013 RT Service Pack 1 | 4493227 (Security Update) | Important | Remote Code Execution | 4484468 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) | 4493227 (Security Update) | Important | Remote Code Execution | 4484468 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) | 4493227 (Security Update) | Important | Remote Code Execution | 4484468 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft PowerPoint 2016 (32-bit edition) | 4493224 (Security Update) | Important | Remote Code Execution | 4484393 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft PowerPoint 2016 (64-bit edition) | 4493224 (Security Update) | Important | Remote Code Execution | 4484393 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27056 | Anonymous working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27057 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. What kind of user interaction is required? A user needs to be tricked into downloading and running malicious files. Are the updates for the Microsoft Office 2019 for Mac currently available? The security update for Microsoft Office 2019 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 2.0    2021-03-16T07:00:00Z     Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the Release Notes for more information and download links. 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27057 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4504707 (Security Update) | Important | Remote Code Execution | 4493222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4504707 (Security Update) | Important | Remote Code Execution | 4493222 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4493239 (Security Update) | Important | Remote Code Execution | 4493211 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4493233 (Security Update) | Important | Remote Code Execution | 4493196 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4493233 (Security Update) | Important | Remote Code Execution | 4493196 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4493214 (Security Update) | Important | Remote Code Execution | 4493181 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4493214 (Security Update) | Important | Remote Code Execution | 4493181 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4493203 (Security Update) | Important | Remote Code Execution | 4486759 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4493203 (Security Update) | Important | Remote Code Execution | 4486759 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4493203 (Security Update) | Important | Remote Code Execution | 4486759 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (32-bit edition) | 4493200 (Security Update) | Important | Remote Code Execution | 4493168 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4493200 (Security Update) | Important | Remote Code Execution | 4493168 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office Online Server | 4493229 (Security Update) | Important | Remote Code Execution | 4493192 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office Web Apps 2013 Service Pack 1 | 4493234 (Security Update) | Important | Remote Code Execution | 4493204 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27057 | Anonymous working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27058 MITRE NVD |
CVE Title: Microsoft Office ClickToRun Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-09T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27058 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| CVE ID | Acknowledgements |
| CVE-2021-27058 | Will Dormann CERT/CC |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27059 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.6/6.6
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
Mitigations: None
Workarounds: None
Revision:
1.1 2021-03-12T08:00:00Z Added an acknowledgement and changed the Exploited flag to Yes. This is an informational update only.
1.0 2021-03-09T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27059 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4504703 (Security Update) | Important | Remote Code Execution | 4486698 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4504703 (Security Update) | Important | Remote Code Execution | 4486698 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4493228 (Security Update) | Important | Remote Code Execution | 4484469 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4493228 (Security Update) | Important | Remote Code Execution | 4484469 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4493228 (Security Update) | Important | Remote Code Execution | 4484469 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (32-bit edition) | 4493225 (Security Update) | Important | Remote Code Execution | 4484466 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4493225 (Security Update) | Important | Remote Code Execution | 4484466 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27059 | Chi-Yu You and Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27061 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision:
1.1 2021-04-06T07:00:00Z Updated FAQ information. This is an informational change only.
1.0 2021-03-09T08:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27061 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-27061 | Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27062 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.40203.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.40204.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None
Workarounds: None
Revision:
1.1 2021-04-06T07:00:00Z Updated FAQ information. This is an informational change only.
1.0 2021-03-09T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27062 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-27062 | Le Huu Quang Linh (@linhlhq) from Vietnam National Cyber Security Center (NCSC Vietnam) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27063 MITRE NVD |
CVE Title: Windows DNS Server Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ:
Can this vulnerability be mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation.
Does this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory? This vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month’s security update patch.
If my server is not configured to be a DNS server, is it vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server.
Mitigations:
Workarounds: None
Revision: 1.0 2021-03-09T08:00:00Z Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27063 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Denial of Service | 4601360 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Denial of Service | 4601360 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Denial of Service | 4601360 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 (Monthly Rollup) 5000856 (Security Only) | Important | Denial of Service | 4601360 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Denial of Service | 4601347 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 (Monthly Rollup) 5000851 (Security Only) | Important | Denial of Service | 4601347 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Denial of Service | 4601348 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5000847 (Monthly Rollup) 5000840 (Security Only) | Important | Denial of Service | 4601348 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5000848 (Monthly Rollup) 5000853 (Security Only) | Important | Denial of Service | 4601384 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5000803 (Security Update) | Important | Denial of Service | 4601318 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5000822 (Security Update) | Important | Denial of Service | 4601345 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5000808 (Security Update) | Important | Denial of Service | 4601315 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 (Security Update) | Important | Denial of Service | 4601319 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-27063 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27065 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ:
Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server.
What is the target for this attack? The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.
Where can I get more information about how to protect myself from the vulnerabilities? Please see On-Premises Exchange Server Vulnerabilities Resource Center – updated March 25, 2021.
If I install the Security Updates for the older Cumulative Updates, am I fully protected from vulnerabilities for all published CVEs? No, you will be protected from the vulnerabilities documented by CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858. You will not be protected from some previous CVEs as shown in the table below.
Microsoft Exchange Server 2019
Microsoft Exchange Server 2016
Please see Exchange Server build numbers and release dates for more information on Exchange Server Cumulative Updates release dates.
Mitigations:
Workarounds: None
Revision:
3.0 2021-03-10T08:00:00Z Microsoft is releasing security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU 3; and Exchange Server 2016 CU 17, CU 13, CU12; and Exchange Server 2013 CU 22, CU 21. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
4.0 2021-03-11T08:00:00Z Microsoft is releasing the final set of security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019, CU1 and CU2; and Exchange Server 2016 CU 8, CU 9, CU10, and CU11. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
5.0 2021-03-16T07:00:00Z Microsoft is releasing a security update for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for Microsoft Exchange Server 2013 Service Pack 1. This update addresses only those CVEs. Customers who want to be protected from these vulnerabilities can apply this update if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates.
1.0 2021-03-02T08:00:00Z Information published.
1.1 2021-03-02T08:00:00Z Updated one or more CVSS scores for the affected products.
2.0 2021-03-08T08:00:00Z Microsoft is releasing security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU 6, CU 5, and CU 4 and Exchange Server 2016 CU 16, CU 15, and CU14. These updates address only those CVEs. Customers who want to be protected from these vulnerabilities can apply these updates if they are not on a supported cumulative update. Microsoft strongly recommends that customers update to the latest supported cumulative updates. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27065 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 21 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2013 Cumulative Update 22 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2013 Service Pack 1 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 10 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 11 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 12 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 13 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 14 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 15 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 16 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 17 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 18 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 8 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 9 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 2 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 3 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 4 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 5 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 6 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 7 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5000871 (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-27065 | Volexity Orange Tsai from DEVCORE research team Microsoft Threat Intelligence Center (MSTIC) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27066 MITRE NVD |
CVE Title: Windows Admin Center Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 4.3/3.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-09T08:00:00Z Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27066 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Admin Center | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 4.3 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27066 | Satya |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21300 MITRE NVD |
CVE Title: Git for Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-09T08:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21300 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-21300 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27076 MITRE NVD |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: What is the attack vector for this vulnerability? In a network-based attack an attacker can gain access to create a site and could execute code remotely within the kernel. The user would need to have privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-09T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27076 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Business Productivity Servers 2010 Service Pack 2 | 3101541 (Security Update) | Important | Remote Code Execution | 2553405 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4493232 (Security Update) | Important | Remote Code Execution | 4493195 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4493238 (Security Update) | Important | Remote Code Execution | 4493210 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Server 2019 | 4493230 (Security Update) | Important | Remote Code Execution | 4493194 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27076 | Anonymous working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27078 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.1/8.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-03-02T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27078 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 18 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 7 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5000871 (Security Update) | Important | Remote Code Execution | 4602269 | Base: 9.1 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27078 | Steven Seeley (mr_me) of Source Incite |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27084 MITRE NVD |
CVE Title: Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.1    2021-03-12T08:00:00Z     Corrected Download and Article links in the Security Updates table. This is an informational change only. 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27084 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code - Java Extension Pack | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27084 | David Dworken |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-27085 MITRE NVD |
CVE Title: Internet Explorer Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.9
FAQ: None Mitigations: None Workarounds: None Revision: 1.1    2021-03-12T08:00:00Z     Added an acknowledgement and changed the Exploited flag to Yes. This is an informational update only. 1.0    2021-03-09T08:00:00Z     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27085 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 5000809 (Security Update) | Important | Remote Code Execution | 4601354 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 5000808 (Security Update) | Important | Remote Code Execution | 4601315 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems | 5000802 (Security Update) | Important | Remote Code Execution | 4601319 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| Internet Explorer 11 on Windows Server 2019 | 5000822 (Security Update) | Important | Remote Code Execution | 4601345 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-27085 | Chi-Yu You and Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2020-27844 MITRE NVD |
CVE Title: Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:03:54Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2020-27844 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2020-27844 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21159 MITRE NVD |
CVE Title: Chromium CVE-2021-21159: Heap buffer overflow in TabStrip
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:03:55Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21159 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21159 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21160 MITRE NVD |
CVE Title: Chromium CVE-2021-21160: Heap buffer overflow in WebAudio
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:03:56Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21160 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21160 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21161 MITRE NVD |
CVE Title: Chromium CVE-2021-21161: Heap buffer overflow in TabStrip
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:03:57Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21161 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21161 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21162 MITRE NVD |
CVE Title: Chromium CVE-2021-21162: Use after free in WebRTC
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:03:58Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21162 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21162 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21163 MITRE NVD |
CVE Title: Chromium CVE-2021-21163: Insufficient data validation in Reader Mode
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:03:59Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21163 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21163 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21164 MITRE NVD |
CVE Title: Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:03:59Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21164 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21164 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21165 MITRE NVD |
CVE Title: Chromium CVE-2021-21165: Object lifecycle issue in audio
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:04:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21165 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21165 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21166 MITRE NVD |
CVE Title: Chromium CVE-2021-21166: Object lifecycle issue in audio
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:04:01Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21166 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21166 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21167 MITRE NVD |
CVE Title: Chromium CVE-2021-21167: Use after free in bookmarks
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:04:02Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21167 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21167 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21168 MITRE NVD |
CVE Title: Chromium CVE-2021-21168: Insufficient policy enforcement in appcache
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:04:03Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21168 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21168 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21169 MITRE NVD |
CVE Title: Chromium CVE-2021-21169: Out of bounds memory access in V8
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:04:03Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21169 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21169 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21170 MITRE NVD |
CVE Title: Chromium CVE-2021-21170: Incorrect security UI in Loader
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2021-03-04T20:04:04Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21170 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21170 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21171 MITRE NVD |
CVE Title: Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:05Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21171 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21171 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21172 MITRE NVD |
CVE Title: Chromium CVE-2021-21172: Insufficient policy enforcement in File System API
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:06Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21172 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21172 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21173 MITRE NVD |
CVE Title: Chromium CVE-2021-21173: Side-channel information leakage in Network Internals
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:07Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21173 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21173 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21174 MITRE NVD |
CVE Title: Chromium CVE-2021-21174: Inappropriate implementation in Referrer
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:08Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21174 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21174 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21175 MITRE NVD |
CVE Title: Chromium CVE-2021-21175: Inappropriate implementation in Site isolation
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:08Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21175 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21175 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21176 MITRE NVD |
CVE Title: Chromium CVE-2021-21176: Inappropriate implementation in full screen mode
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:09Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21176 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21176 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21177 MITRE NVD |
CVE Title: Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:10Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21177 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21177 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21178 MITRE NVD |
CVE Title: Chromium CVE-2021-21178 : Inappropriate implementation in Compositing
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:11Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21178 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21178 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21179 MITRE NVD |
CVE Title: Chromium CVE-2021-21179: Use after free in Network Internals
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:12Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21179 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21179 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21180 MITRE NVD |
CVE Title: Chromium CVE-2021-21180: Use after free in tab search
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:12Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21180 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21180 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21181 MITRE NVD |
CVE Title: Chromium CVE-2021-21181: Side-channel information leakage in autofill
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:13Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21181 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21181 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21182 MITRE NVD |
CVE Title: Chromium CVE-2021-21182: Insufficient policy enforcement in navigations
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:14Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21182 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21182 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21183 MITRE NVD |
CVE Title: Chromium CVE-2021-21183: Inappropriate implementation in performance APIs
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:15Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21183 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21183 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21185 MITRE NVD |
CVE Title: Chromium CVE-2021-21185: Insufficient policy enforcement in extensions
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:16Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21185 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21185 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21186 MITRE NVD |
CVE Title: Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:17Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21186 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21186 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21187 MITRE NVD |
CVE Title: Chromium CVE-2021-21187: Insufficient data validation in URL formatting
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:17Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21187 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21187 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21188 MITRE NVD |
CVE Title: Chromium CVE-2021-21188: Use after free in Blink
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:18Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21188 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21188 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21189 MITRE NVD |
CVE Title: Chromium CVE-2021-21189: Insufficient policy enforcement in payments
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:19Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21189 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21189 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21190 MITRE NVD |
CVE Title: Chromium CVE-2021-21190 : Uninitialized Use in PDFium
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T20:04:20Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21190 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21190 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21184 MITRE NVD |
CVE Title: Chromium CVE-2021-21184: Inappropriate implementation in performance APIs
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
What is the version information for this release?
Mitigations: None
Workarounds: None
Revision: 1.0 2021-03-04T21:57:04Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21184 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-21184 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21191 MITRE NVD | CVE Title: Chromium CVE-2021-21191: Use after free in WebRTC. CVSS: None. FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None. Workarounds: None. Revision: 1.0, 2021-03-15T16:21:11Z, Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21191 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21191 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21192 MITRE NVD | CVE Title: Chromium CVE-2021-21192: Heap buffer overflow in tab groups. CVSS: None. FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None. Workarounds: None. Revision: 1.0, 2021-03-15T16:21:13Z, Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21192 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21192 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21193 MITRE NVD | CVE Title: Chromium CVE-2021-21193: Use after free in Blink. CVSS: None. FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None. Workarounds: None. Revision: 1.0, 2021-03-15T16:21:14Z, Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21193 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21193 | None |